Advisories ยป MGASA-2014-0087

Updated imagemagick package fixes security vulnerabilities

Publication date: 21 Feb 2014
Modification date: 21 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1958 , CVE-2014-2030

Description

A buffer overflow flaw was found in the way ImageMagick handled PSD images
that use RLE encoding. An attacker could create a malicious PSD image file
that, when opened in ImageMagick, would cause ImageMagick to crash or,
potentially, execute arbitrary code with the privileges of the user running
ImageMagick (CVE-2014-1958).

A buffer overflow flaw was found in the way ImageMagick writes PSD images when
the input data has a large number of unlabeled layers (CVE-2014-2030).
                

References

SRPMS

3/core

4/core